System and Method for Real Time Self-Provisioning for a Mobile Communication Device

ABSTRACT

A system and method of provisioning services for a mobile communication device are disclosed. A provisioning request including provisioning information and specifying a provisioning operation and a first communication service is prepared on the mobile communication device and sent to a provisioning system. Processing of the provisioning request is dependent upon whether or not a second communication service has been activated for the mobile communication device. If the mobile communication device is outside a coverage area of a wireless communication network when a provisioning request is prepared, the request is stored at the mobile communication device and sent to the provisioning system when the mobile communication device enters the coverage area. The provisioning system preferably manages service provisioning for multiple services, any of which may be hosted by different service providers.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.12/906,366, filed on Oct. 18, 2010, which is a divisional of U.S. patentapplication Ser. No. 10/489,433, filed on Mar. 9, 2004 (now U.S. Pat.No. 7,817,988), which is a 371 of PCT/CA02/01373, filed on Sep. 10,2002, which claims priority from Canadian Patent Application No.2,356,823, filed on Sep. 10, 2001 (now Patent No. 2,356,823).

FIELD

This application relates to provisioning of services for a mobilecommunication device.

BACKGROUND

When a user purchases a mobile communication device (“mobile device”),the mobile device normally cannot operate on a communication networkuntil it has been activated on the network.

Traditional systems and methods of activating mobile devices involve theuse of an activation code, which is obtained by the user from a networkoperator or service provider. In order to activate the mobile device,the user must typically first communicate a unique mobile device numberto the network operator via an alternate form of communication. Thisinitial communication is usually telephone-based, but may instead beaccomplished through email or a different network such as the World WideWeb or Internet.

In the case of telephone-based activation, the user must provide thenetwork operator with activation information by voice over a telephone,which is an immensely error-prone and time-consuming means ofactivation. The activation information varies with particular mobiledevices and networks, but usually includes at least the unique mobiledevice number and often also includes user billing and charginginformation. Some automated telephone-based systems use touch tones toallow the user to enter the activation information using a telephonekeypad, but this is also an extremely error-prone and time-consumingmeans of activation.

These difficulties are compounded by the often lengthy delay inactivation, which may involve a further return call by the networkoperator to the user at a telephone number specified by the user toprovide an activation code to the user. As those skilled in the art willappreciate, activation codes and the task of entering such a code into amobile device vary significantly between different devices, networks andservice providers. A user may therefore require further guidance from anetwork operator to properly enter the activation code manually into themobile device.

Some mobile device vendors and service providers attempt to alleviatethe above problems by having a sales person activate a new device at thepoint of sale. Although the activation is performed for the user byanother person, the user must normally wait while the activation iscompleted in order to provide required personal and billing information.Thus, whether the actual activation process is performed by the user orby a person acting on behalf of the user, mobile device activationremains a time consuming process for the user.

The preceding description relates primarily to initial activation of amobile device. It should be appreciated that similar problems and delaysare experienced by a user each time the user wishes to add, remove ormodify any mobile device-related services offered by a network operator.

There remains a need for a system and method of activating a mobiledevice essentially “right out of the box”, by which a user can activatethe mobile device without a complicated or time-consuming activationscheme.

There remains a further more general need for a system and method whichallows a user to manage device services directly on a mobile device.

SUMMARY

It is an object of the invention to provide a system and method ofactivating a mobile communication device by which a user can activatethe mobile communication device using only the mobile communicationdevice itself.

It is a further object of the invention to provide a system and methodfor real-time self-provisioning of services on a mobile communicationdevice.

According to an aspect of the invention, a system and method areprovided to allow a user to manage mobile communication device servicesin real time using the device.

In one embodiment, when a user first turns on a mobile communicationdevice, the mobile communication device itself is used to collectrelevant information from the user, thereby completing a user profile.This user profile is preferably stored on the mobile communicationdevice and includes the user information, the unique mobilecommunications device number and any other required information.

In the case of initial activation, when the user profile is complete, asoftware application on the mobile communication device sends the userprofile in a provisioning request to a provisioning authority using atemporary provisioning network activation code. Soon after theprovisioning authority receives a provisioning request sent from amobile communication device, the mobile communication device receives aprovisioning response sent in real time by the provisioning authority.Upon receiving the provisioning response, the mobile communicationdevice acts on the information obtained in the response. In the aboveexample of initial activation, the provisioning response includes anetwork activation code that is utilized by the mobile communicationdevice in order to activate the device on the network in real time.

A method of provisioning services for a mobile communication device,according to an aspect of the invention, comprises the steps ofreceiving a provisioning request, the provisioning request includingprovisioning information and specifying a provisioning operation and afirst communication service, determining whether a second communicationservice has been activated for the mobile communication device, and,where the second service has been activated for the mobile communicationdevice, then processing the provisioning information to determinewhether the provisioning operation may be performed, performing theprovisioning operation for the first communication service where theprovisioning operation may be performed, preparing a provisioningresponse indicating the result of the processing, and sending theprovisioning response to the mobile communication device.

According to a further aspect of the invention, a method of provisioningmultiple services for a mobile communication device comprises the stepsof receiving a provisioning request, the provisioning request includingprovisioning information and specifying a provisioning operation, a basecommunication service and a related communication service, processingthe provisioning information to determine whether the provisioningoperation may be performed for the base service, and, where theprovisioning operation may be performed for the base communicationservice, then performing the provisioning operation for the basecommunication service, processing the provisioning information todetermine whether the provisioning operation may be performed for therelated communication service, performing the provisioning operation forthe related communication service where the provisioning operation maybe performed for the related communication service, preparing aprovisioning response indicating that the provisioning operation wassuccessful, and sending the provisioning response to the mobilecommunication device.

In another aspect of the invention, a method for provisioningcommunication services using a mobile communication device configured tooperate within a wireless communication network comprising the steps ofpreparing a provisioning request at the mobile communication device,transmitting the provisioning request to a provisioning authority wherethe mobile communication device is within a coverage area of thewireless communication network, and, where the mobile communicationdevice is outside the coverage area of the wireless communicationnetwork, storing the provisioning request at the mobile communicationdevice, and transmitting the provisioning request to the provisioningauthority when the mobile communication device enters the coverage area.

A service provisioning system for a mobile communication device,according to a still further aspect of the invention, comprises meansfor receiving a provisioning request, the provisioning request includingprovisioning information and specifying a provisioning operation and afirst communication service, means for determining whether a secondcommunication service has been activated for the mobile communicationdevice, means for processing the provisioning information to determinewhether the provisioning operation may be performed, where the secondcommunication service has been activated for the mobile communicationdevice, and means for performing the provisioning operation for thefirst communication service where the provisioning operation may beperformed, wherein the provisioning operation for the firstcommunication service is dependent upon activation of the secondcommunication service.

In another aspect of the invention, a mobile communication deviceconfigured to operate within a wireless communication network comprisesmeans for preparing a provisioning request, means for storing theprovisioning request, and means for transmitting the provisioningrequest to a provisioning authority when the mobile communication deviceenters a coverage area of the wireless communication network.

A provisioning authority system for managing service provisioning formobile communication devices in a wireless communication systemcomprises at least one provisioning interface, means for receiving aprovisioning request, operatively associated with each of the at leastone interface systems, means for extracting provisioning informationfrom the provisioning request, and means for distributing theprovisioning information, wherein the means for distributing distributesthe provisioning information to one of a plurality of means forprocessing provisioning information.

Further features of the invention will be described or will becomeapparent in the course of the following detailed description.

BRIEF DESCRIPTION OF THE DRAWINGS

In order that the invention may be more clearly understood, severalpreferred embodiments thereof will now be described in detail by way ofexample, with reference to the accompanying drawings, in which:

FIG. 1 is a system diagram illustrating self-provisioning in accordancewith an embodiment of the invention;

FIG. 2 is a block diagram of a provisioning system according to theembodiment of FIG. 1;

FIG. 3 is a flow diagram illustrating a provisioning process accordingto an embodiment of the invention; and

FIG. 4 is a block diagram-illustrating a provisioning system accordingto a further embodiment of the invention;

FIG. 5 is a block diagram showing a variation of the provisioning systemof FIG. 4;

FIG. 6 is a block diagram showing a provisioning system according toanother embodiment of the invention;

FIG. 7 is a flow diagram of a provisioning process for a service whichis related to a further service;

FIG. 8 is a flow diagram illustrating a variation of the provisioningprocess of FIG. 7, in which both a service and a related service arerequested;

FIGS. 9 a-9 c form a flow diagram illustrating a further variation ofthe provisioning processes shown in FIGS. 7 and 8;

FIG. 10 is a flow diagram showing a delete service provisioning process;

FIG. 11 is a flow diagram showing a modify service provisioning process;and

FIG. 12 is a block diagram of a mobile communication device.

DETAILED DESCRIPTION

Provisioning is a general term that is commonly used in the field ofmobile communications in reference to the process by which servicesprovided by a service provider are managed. Initial serviceprovisioning, whereby a mobile communication device is first configuredfor operation within a communication network, is normally termedactivation.

Referring to FIG. 1, after the manufacturing of a mobile device 10, aprovisioning software application 12, which will be described in furtherdetail below, is installed on the mobile device 10. As those skilled inthe art will appreciate, installation of the provisioning application 12may instead be accomplished during the manufacturing process, forexample by storing the provisioning application 12 into a read onlymemory (ROM) or other non-volatile store which is installed into themobile device 10 and accessible by a processor (not shown) in the mobiledevice 10. In a particularly preferred embodiment, the provisioningapplication 12 is provided by a manufacturer of the mobile device 10,although it is contemplated that the provisioning application 12 mayinstead be provided by a network operator of a communication network inwhich the mobile device 10 is intended to operate or by a furtherexternal service provider or software application developer.

The manufacturing and provisioning application installation procedurescould be adapted to accommodate any such provisioning application supplyarrangement. Where the provisioning application 12 is designed by themobile device manufacturer, the provisioning application 12 ispreferably installed during manufacturing. If a network operator orexternal developer supplies the provisioning application 12, then theapplication could be either supplied to the mobile device manufacturerfor installation during device manufacturing or loaded to the mobiledevice 10 after manufacturing. Although the physical mobile device 10 isnot substantially changed by the installation of the provisioningapplication 12, a mobile device on which the provisioning application 12has been installed is labeled as 14 in FIG. 1. The mobile device 10 maybe an otherwise fully operational communication device, but wouldrequire activation and provisioning in accordance with a known processsuch as one of those described above.

Since the information required for activation and further serviceprovisioning is normally different for different services, networkoperators and other service providers, the provisioning application 12may be adapted for the network on which the mobile communications device14 will operate. The provisioning application 12 may also be customizedfor different network protocols and billing schemes. These and otherdesign criteria of the provisioning application 12 will be described infurther detail below.

When a mobile device 14 is purchased at a point of sale 16, theprovisioning application 12 may be invoked. The provisioning application12 preferably reads any available information required for serviceprovisioning, such as a mobile device identification code or number, forexample, from the mobile device 14. The user is then prompted for anyfurther required information and a provisioning request 15 istransmitted from the mobile device 14, through a mobile communicationnetwork 18 in which the device 14 is designed to operate and through afurther network such as the Internet 20 to a provisioning authority 22.The provisioning authority 22 stores the information provided in theprovisioning request 15 to a data store 24 and processes theprovisioning request 15. A provisioning response 17 is then generated bythe provisioning authority 22 and returned to the mobile device 14. Theprovisioning response 17 indicates whether access to any servicesspecified in the provisioning request 15 has been granted or denied andprovides any further information as may be required by the mobile device14 to make use of such services. In accordance with an aspect of theinvention, an initial provisioning request 15 and response 17 exchangeactivates a new mobile device on a network. A further aspect of theinvention provides for execution of the provisioning application 12 toallow a user to manage and customize mobile device services.

As described briefly above, the provisioning application 12 may besupplied by an external source such as a network operator or serviceprovider or by the mobile device manufacturer. When the provisioningapplication 12 is a custom application from a service provider, theprovisioning authority 22 is normally associated with a particularservice or group of services 26. The provisioning authority 22 alsoperforms provisioning functions for services a, b and c, associated withservice provider systems 28 a-28 c. Therefore, the provisioningauthority 22 manages service provisioning for the services 26 providedby the owner or operator of the provisioning authority 22 and servicesa-c associated with service provider systems 28 a-28 c, provided byother service providers. In alternate embodiments, a provisioningauthority may be configured to manage only services provided by an owneror operator of the provisioning authority or only those offered by otherservice providers. In FIG. 1, the provisioning authority 22 managesprovisioning of external services a-c, and as such may be considered tobe a provisioning service provider, in that the owner or operator isproviding the service of provisioning external services. Theprovisioning authority 22 allows a service provider to make a service,such as the services a-c, available to a mobile device 14 without havingto implement a provisioning system, thereby significantly reducing coststo the service provider while simplifying provisioning of the service bya user of the mobile device 14.

FIG. 2 is a block diagram of a provisioning system according to theembodiment of FIG. 1. As described above, the provisioning application12 may be invoked by a user to initially activate the mobile device 14on a communication network 18. An initial provisioning (activation)request 15 is sent from the mobile device 14 to the provisioningauthority 22 with which the provisioning application 12 is designed tooperate. For the purpose of illustration, the service a is assumed to bea network communication service or carrier service, provided by anetwork operator or carrier which owns or operates the service providersystem 28 a, external to the provisioning authority 22. The provisioningapplication 14 and the provisioning authority 22 are preferablyconfigured to obtain from a user and the mobile device 14 allinformation required by the carrier providing the carrier service a. Theprovisioning authority 22 is further configured to provide suchinformation to the service provider system 28 a in a predeterminedformat compatible with processing arrangements associated with theservice provider system 28 a.

For example, the service provider system 28 a may transmit to theprovisioning authority 22 a message indicating required activationinformation, including, for example, user name, mobile deviceidentification number, method of payment for services, credit cardnumber and the like. Most preferably, the provisioning applicationdeveloper is aware of at least the activation information required bythe service provider system 28 a for activation of the mobile device 14,and therefore either retrieves available information within the mobiledevice 14 or prompts the user to input any further required activationinformation before a provisioning request 15 is sent to the provisioningauthority 22. These details relating to required activation informationmay be stored, for example, in a service provider profile associatedwith the carrier at the provisioning authority 22. The provisioningauthority 22 then provides all required activation information to theservice provider system 28 a for processing and storage in itsassociated data store 24 a. This ensures that the mobile device 14 isactivated quickly via a single provisioning request 15. Service providerprofiles for each service provider, or possibly each service, maysimilarly be stored at the provisioning authority 22 and managed by eachservice provider. The provisioning authority 22 then determines theprovisioning information required to provision services from any serviceprovider using the service provider profiles.

From time to time, in response to changing conditions or in order toprovide enhanced services, for example, a carrier may determine thatfurther information must be provided before a mobile device 14 may beactivated on the carrier's network. The provisioning application 12 maythen be updated accordingly for installation in new mobile devices.However, if a user purchases a mobile device 14 in which an olderversion of the provisioning application 12 had been installed, thecarrier may deny access to the network since not all of the requiredactivation information will be supplied in the initial provisioningrequest. In such a situation, the information extracted from theprovisioning request 15, indicated at 23 a in FIG. 2, is preferably sentby the provisioning authority 22 to the service provider system 28 a,which determines that the information is not sufficient for activationof the mobile device 14 on the associated network 18. The serviceprovider system 28 a then transmits a further information request 25 aback to the provisioning authority 22, which preferably provides forsome form of communication with the provisioning application 12 beyondsimply responding to the provisioning requests 15. The provisioningapplication 12 then either prompts the user for the additional requiredinformation or retrieves the information if stored on the mobile device14 and transmits the information to the provisioning authority 22. Anyfurther information received from the mobile device 14 is forwarded tothe service provider system 28 a, which then activates the mobile device14 on its network 18 and sends a service approval indication to theprovisioning authority 22. The provisioning authority 22 then sends theprovisioning response 17 to the mobile device 14 to complete theactivation process. The mobile device 14 may then be used forcommunications over the network 18. Information extracted fromprovisioning requests is also forwarded to the service provider systems28 b and 28 c, as shown at 23 b and 23 c, respectively. Furtherprovisioning information requests 25 b and 25 c are also made, whennecessary, by the service provider systems 28 b and 28 c.

Alternatively, when the provisioning application 12 is updated toinclude further information in the provisioning request as describedbriefly above, the updated provisioning application may be sent to allmobile devices activated in a communication network that currently usean older version of the provisioning application. Since the updatedversion of the provisioning application is distributed to all mobiledevices in a network, any subsequent provisioning requests include allrequired information, thereby avoiding additional information requestsfor the further information, such as 25 a, 25 b and 25 c. Theprovisioning authority 22 might instead perform a check to determine ifa provisioning application 12 should be updated, by checking aprovisioning application version number included in a provisioningrequest, for example, the first time a mobile device 14 contacts theprovisioning authority 22 after a service provider has changed itsprovisioning information requirements. In the event of a positivedetermination, an updated provisioning application is sent to the mobiledevice 14 over the air, through the network 18. Any mobile devices usingthe provisioning authority 22 are thereby eventually provided with theupdated provisioning application.

The system shown in FIG. 2 includes further functional blocks such as abilling system 30 and warranty system 32. Although these further systemsdo not provide communication services, some of the information collectedfrom a mobile device 14 and a user thereof is pertinent to such systems.For example, the billing system 30 might be used to keep track ofairtime used for provisioning services. A service provider may then bebilled for such airtime as a cost of provisioning services provided bythe provisioning authority 22. A mobile device identification number,user name and date of activation may be provided to the warranty system32 by the provisioning authority 22. Thus, where different systems areconnected to the provisioning authority 22, the provisioning authority22 may be configured to provide different information to each system.These types of systems may also or instead be part of one or more of theservice provider systems 28 s, 28 b and 28 c, with any pertinentinformation being supplied to such systems by the respective serviceprovider system. A further advantage of the single provisioningauthority 22 is that additional systems may be added as required andsupplied with required data from the provisioning authority 22.

FIG. 3 is a flow diagram illustrating a provisioning process accordingto an embodiment of the invention. As described above, a provisioningapplication is installed in a mobile device during or aftermanufacturing, at step 302. At some time later, after the mobile devicewith the provisioning application is purchased and first powered on atstep 304, the provisioning application is invoked at step 306. Althoughshown in FIG. 3 as two distinct steps 304 and 306, powering on themobile device may automatically invoke the provisioning application.Alternatively, the provisioning application may be invoked following adifferent predetermined event, such as when a power source in the mobiledevice has been charged to a specified level or when the mobile devicefirst enters a coverage area of a communication network after beingpowered on, for example. The provisioning application might also requirethat the user manually enter a code or function call to begin a mobiledevice activation or service provisioning process.

When the provisioning application has been invoked, provisioninginformation such as user name, a mobile device identification number, aservice plan selection and the like, which may be specified in a serviceprovider profile at a provisioning authority, is gathered from the userand/or from a storage location in a mobile device memory component, asindicated at step 308. In step 310, a provisioning request is preparedand sent to the provisioning authority. If the mobile device is out ofcommunication network coverage or is otherwise unable to communicateover the network when the provisioning request is prepared, the requestis preferably stored on the mobile device and sent to the provisioningauthority, either automatically or responsive to a user input, when themobile device is able to communicate over the network, such as uponre-entry into a network coverage area.

The provisioning authority extracts the provisioning information fromthe received request and stores the extracted information to local datastore at step 312. Where the provisioning authority manages externalservices for other service providers, as shown in FIGS. 1 and 2, thestorage of provisioning information may be temporary, such thatinformation records for clients of external service providers are notmaintained after a provisioning process is completed.

Sensitive provisioning information such as credit card numbers or otherbilling details might also be encrypted by the mobile device 14 beforethe provisioning request is sent in order to keep such informationconfidential. Any encrypted information is then preferably decryptedonly by a provisioning authority “client”, such as a service providersystem or an external system such as the billing system 30 or warrantysystem 32 (FIG. 2). The provisioning system therefore does not haveaccess to sensitive information relating to users that subscribe only toexternal services not operated by the provisioning authority 22.

If external systems require any of the information extracted from theprovisioning request, then such information is forwarded to the externalsystems, at step 314.

In step 316, the provisioning authority determines whether theprovisioning request relates to a service, if any, associated with theprovisioning authority itself. Where the requested service is providedby an owner or operator of the provisioning authority, for example, theprovisioning authority the determines whether all required provisioninginformation has been received, at step 318. A step 320 of determiningwhether the user or the mobile device should be granted access to therequested service is then performed, where all required provisioninginformation, which may be different for different services and serviceproviders, has been received. Service is denied, for example, if invalidbilling information or an invalid mobile device identification numberhas been provided. The provisioning authority or a service providersystem, might also check to ensure that a credit card number does notcorrespond to a stolen credit card or that a mobile deviceidentification number does not already exist in its client records.Other criteria for denial of service will be apparent to those skilledin the art and are considered to be within the scope of the presentinvention.

The mobile device is registered for the requested service at step 322where the provisioning request is approved. When the requested serviceis network communication service, step 322 involves activation of themobile device on a communication network.

A provisioning response is prepared at step 324 and sent back to themobile device at step 326. If the mobile device requires any furtherinformation in order to make use of an approved service for which it hasbeen registered, then such information is preferably included in theprovisioning response. The mobile device is configured to update anavailable services list or menu at step 328 when a requested service hasbeen successfully provisioned. If the requested service is denied atstep 320, then an appropriate provisioning response is prepared at step324 and returned to the mobile device at step 326. At step 328, themobile device then updates a record of services for which a provisioningrequest has been denied, possibly including the reason for denial ofservice. The user is then able to determine whether or not a furtherprovisioning request for the same service should be submitted at a latertime. The provisioning process then ends at step 330. After initialprovisioning or activation, a user may invoke the provisioningapplication at any time to manage the services installed on the mobiledevice, as described in further detail below.

Returning now to step 318, the provisioning authority requests anyadditional required provisioning information from the mobile device oruser at step 332 where all required provisioning information has notbeen provided, for example if a service provider has changed theprovisioning information that is required. When a response to therequest for additional information is received from the mobile device atstep 334, the additional information is extracted at step 312 anddistributed to any external systems at step 314 if necessary. Theprocess then continues at step 318 and proceeds as described above.Although not specifically shown in FIG. 3, it will be apparent thatadditional required information may similarly be requested by a systemsuch as the billing system 30 or warranty system 32 (FIG. 2). Systeminformation requests may be distinct from service provider informationrequests, but some form of information request coordination is preferredin order to avoid multiple requests for the same information. When theprovisioning application is kept current as described above, theprovisioning request will include all required information and furtherinformation requests to the mobile device should therefore be minimal.

It may also be preferable to limit the number of times additionalrequired information is requested. After a certain number of requestshave been made for the same information, the provisioning process mayproceed from step 318 to step 320, to determine whether access to therequested service should be granted without the missing requiredprovisioning information. If access to the service is granted, themobile device is registered for the service at step 322 and the processproceeds as described above. This granting of service might instead be arestricted or time limited access, such that a service provider mayrequire that a user provide the missing information within a certaintime period in order to maintain the service or to obtain access tocertain aspects of a service. If the service is denied at step 320, thena provisioning response is prepared at step 324, indicating that somerequired provisioning information was not supplied and could not beobtained, and sent to the mobile device. Other arrangements intended tolimit the amount of time or provisioning system resources engaged inrepeated information requests may also be implemented at theprovisioning authority or an external system which may request suchadditional information. For example, the provisioning authority maycancel an outstanding additional information request, prepare andforward an appropriate provisioning response or message to the mobiledevice, and send a message to the system requesting the additionalinformation to indicate that the requested additional information couldnot be obtained where no response to the additional information requesthas been received within a predetermined maximum response time interval.

Where the service requested in the provisioning request is provided byan external provider, as determined at step 316, such as the carrier andservice provider system 28 a (FIG. 2) for initial device activation,then the extracted provisioning information is sent to the serviceprovider system at step 336. At step 338, the service provider systemdetermines whether or not all required provisioning information has beenreceived, and if not, additional information is requested via theprovisioning authority as described above, at steps 332 and 334. Wherethe provisioning authority stores service or service provider profiles,this check may instead be performed by the provisioning authority. Whenall required information is received, access to the service is eitherdenied or approved at step 340 and, if approved, the mobile device isregistered for the service at step 342. Step 340 may also be executedwhen additional information has been requested a predetermined number oftimes without success or an information request has timed out at theprovisioning authority, as described above. The external serviceprovider then returns to the provisioning authority an indication ofthat the service request has been approved or denied, and theprovisioning authority then prepares (step 324) and returns (step 326) aprovisioning response to the mobile device. Based on the provisioningresponse and the configuration of the mobile device, the mobile deviceupdates lists of available and unavailable services at step 328.

The preceding description relates primarily to initial provisioning oractivation of a mobile device 14 on a communication network 18.According to a further aspect of the invention, however, theprovisioning application 12 in a mobile device 14 may also be executedby a user to manage the services to which he or she subscribes. Afterthe mobile device 14 has been activated, further provisioning requests15 may be sent to the provisioning authority 22. These furtherprovisioning requests may add, remove or modify mobile device services,for example, and may relate to any services for which provisioning isaccomplished through the provisioning authority 22. The provisioningprocess for such further provisioning requests proceeds substantially asdescribed above.

The systems shown in FIGS. 1 and 2 provide for provisioning of servicesfor a mobile device 14 using only the mobile device 14 itself. In somecircumstances however, a user may wish to provision services through analternative interface. For example, a user may wish to activate a mobiledevice 14 or perform other provisioning services when the mobile device14 is outside wireless network coverage. The user might also feel morecomfortable using an interface with which he or she is more familiarthan a newly-purchased mobile device 14. FIG. 4 is a block diagramillustrating a provisioning system according to a further embodiment ofthe invention. The provisioning system in FIG. 4 provides not only theself-provisioning functionality as described above, but also web-basedand telephone-based provisioning. The provisioning authority 21 issubstantially similar to the provisioning authority 22 shown in FIGS. 1and 2 except that it supports web-based and telephone-basedprovisioning.

In the FIG. 4 system, a secure web page 44 is provided to allow a userto manage mobile device services through an internet-connected computer42. The computer 42 is a desktop computer or a portable computer such asa laptop or palmtop computer. The connection of the computer 42 to theInternet 20 and thus the web page 44 is commonly a wired connectionthrough an Internet Service Provider (ISP, not shown), although otherconnection schemes, such as through a wireless modem and a wirelessnetwork, are also contemplated.

When a connection to the secure web page 44 has been established,provisioning information required by the provisioning authority 21 orany service providers offering a requested service are entered into thecomputer 42 for transfer to the provisioning authority 21. In theembodiment shown in FIG. 4, the mobile device 14 is connected to thecomputer 42, through a serial connector, for example, so that mobiledevice information such as a mobile device identification number istransferred directly from the mobile device 14 to the computer 42,thereby reducing the amount of information that must be entered by theuser. The provisioning process proceeds substantially as described abovein conjunction with FIG. 3, except that provisioning requests andresponses are exchanged between the provisioning authority 21 and thecomputer 42 instead of between the provisioning authority 21 and themobile device 14.

Upon completion of a provisioning process, the mobile device 14 isinformed of the approval or denial of the provisioning request. Aprovisioning response is preferably sent to both the computer 42 and themobile device 14, provided that the mobile device 14 is within networkcoverage. The provisioning response might instead be sent to the mobiledevice 14 over the connection to computer 42. Otherwise, theprovisioning application on the mobile device 14 may include a utilityor function to send a “complete provisioning” or like request to theprovisioning authority 21 when the mobile device 14 enters a coveragearea of the communication network 18, in response to which theprovisioning authority 21 then sends to the mobile device 14 theprovisioning response and any information required for the mobile device14 to use an approved service. When a shared computer 42 is used in theprovisioning process however, the user may prefer to have theprovisioning response sent only to the device 14 or perhaps to analternate address. Such an alternate address may, for example, bespecified in the provisioning request.

For telephone-based provisioning, a user contacts the provisioningauthority 21 through the telephone system 46. Although it is preferredthat such conventional provisioning interfaces as the telephone systemare avoided by using the mobile device 14 and a provisioning applicationinstalled on the device to carry out provisioning operations,telephone-based provisioning is supported by the provisioning authority21 in order to provide a familiar interface for new users, as describedabove. Telephone-based provisioning schemes do not typically involve arequest and response mechanism, but interaction with an automatedtelephone system (not shown) or a service provider telephone operator orother customer service personnel that handle service provisioning forthe user through a provisioning authority user interface (UI) (notshown). However, even if a user chooses telephone-based provisioning,some type of provisioning response is prepared by the provisioningauthority 21 and sent to the mobile device 14 to indicate whether or nota service has been approved and to enable the mobile device 14 to usethe service. If the mobile device 14 is within a coverage area of thecommunication network 18, the provisioning response is sent to themobile device 14 upon completion of a provisioning process. Theprovisioning response is otherwise sent to the mobile device 14 when a“complete provisioning” or like request is received by the provisioningauthority 21 when the mobile device 14 enters network coverage.

The provisioning system shown in FIG. 4 has the advantage for a serviceprovider that only a single provisioning application or interface mustbe implemented. For example, the provisioning authority 21 may makeappropriate application programming interfaces (APIs) available to anyservice provider that intends to effectively offload provisioningfunctions to the provisioning authority 21 instead of implementing acustom provisioning system. The APIs define information formats,function calls and the like that a service provider should support inorder to communicate with and interpret information received from theprovisioning authority 21. In the system of FIG. 4, the provisioningauthority 21 provides potential clients of any of its associated serviceproviders with a choice of device-based, web-based or telephone-basedprovisioning, while the service providers need support only a singleinterface to the provisioning authority 21. Thus, a service providerallows provisioning of its services via a mobile device 14 with aprovisioning application, while also providing for more traditionalprovisioning schemes where a user of a mobile device 14 chooses to use atraditional provisioning scheme or a mobile device for which servicesare being provisioned is not capable of self-provisioning, i.e. noprovisioning application has been installed on the mobile device.

A further advantage of a system as shown in FIG. 4, incorporating aprovisioning authority 21 that supports multiple provisioning schemes,is that a user is not restricted to any particular provisioning scheme.For example, a user may not feel comfortable using a new mobile device14 to provision mobile device services and may instead use the secureweb page 44 or telephone system 46 for activation and any other initialservice provisioning. When the user has become more familiar with themobile device 14, however, the user may wish to provision new servicesor manage existing services using the provisioning application on themobile device 14. Since all of these interfaces are supported by thesingle provisioning authority 21, the user may perform provisioningfunctions via any one of the interfaces at any time.

As those skilled in the art will appreciate, the activation of a mobiledevice on a communication network using the mobile device itself can beproblematic in that carriers are normally reluctant to allow mobiledevices to access communication networks prior to activation of themobile devices on the networks. Without network access, a mobile devicecannot communicate with a provisioning system such as the provisioningauthority 21 or 22. One possible solution to this problem is to activateeach mobile device on the communication network within which it isintended to operate, before the mobile device reaches the point of sale16 (FIG. 1). For example, a mobile device could be activated before itleaves a manufacturing plant or when the provisioning application 12 isinstalled. Where network operators charge for services immediately aftera mobile device is activated however, this activation of the mobiledevice prior to sale incurs costs which must either be absorbed by themobile device manufacturer, the vendor of the mobile device or theservice provider, or passed on to the consumer, none of which aredesirable.

The provisioning system of FIG. 4 provides a more feasible solution tothis network access problem in that a mobile device 14 may be activatedthrough one of the alternate provisioning interfaces such as the webpage 44 or the telephone system 46. After the mobile device 14 has beenactivated, provisioning requests and corresponding responses may be sentand received by the mobile device 14. Any subsequent service managementfunctions can then be performed using the mobile device 14 and itsresident provisioning application 12.

In a particularly preferred embodiment, the provisioning application 12is the only software application that is permitted to accesscommunication resources on a mobile device 14 before the mobile device14 is activated on a network 18. All other communication-relatedsoftware applications are initially restricted from performing anynetwork communications functions. If a messaging application isinstalled on the mobile device 14, for example, a user may be able tocompose and store a message, but until the mobile device 14 is activatedon the network 18, no such message can be transmitted over the network18. Software applications not requiring network resources, such ascalendar applications, calculators, word processors, informationsynchronization applications which provide for synchronization of mobiledevice records with records on a user's PC, games, short-rangecommunications applications and the like may be fully operational, butonly the provisioning application is permitted to send and receive viathe network 18.

This restriction on initial communications functionality effectivelyprovides a mobile device 14 that, until properly activated on a network,may only call a provisioning authority 21 or 22, or perform any otherlegally required operations, such as placing 911 emergency calls wherethe mobile device 14 is a General Packet Radio Service (GPRS) mobiledevice. As such, a carrier need not be concerned that allowing themobile device 14 to access the network 18 will provide freecommunication services. Since only the provisioning application 12 andother legally required software applications and operations are able tosend and receive on the network 18, only provisioning functions andlegally required functions may be performed. According to thisembodiment, only the costs associated with the actual activationtransaction must be covered by the manufacturer, vendor, carrier oruser. Where a provisioning authority provides alternate provisioninginterfaces, as in FIG. 4, the user may activate a mobile device using analternate interface, such as the web page 44 or the telephone system 46,and thereby avoid any airtime charges associated with mobile deviceactivation. Upon receipt of a provisioning response, regardless of theprovisioning scheme used for mobile device activation, any othercommunication-related functions and software applications on the mobiledevice are enabled.

Initial communications restriction as described above is controlled on amobile device itself. Such communications restrictions may instead beimposed at the communication network level or at a service providerlevel. For example, a carrier or service provider may be configured todetect that a mobile device has not been activated on a communicationnetwork or properly registered for communication services. Anycommunication operation between the mobile device and any otherdestination than the provisioning authority 21 or 22 is rejected untilthe mobile device is activated on the network and possibly registeredfor a particular service, unless support for other communicationfunctions is required by law, as in the above example of 911 calls.

In a GPRS network, a subscriber identity module or SIM card in a mobiledevice must be populated before the mobile device is fully functional onthe network. As those skilled in the art will appreciate, a mobiledevice must also establish a packet data protocol (PDP) context prior tocommunicating over the network. According to an aspect of the invention,a carrier can easily determine, from this PDP context, that the mobiledevice is not yet activated on the network and thus can only communicatewith a provisioning authority such as 21 or 22. The carrier may thenallow the mobile device to send a provisioning request to theprovisioning authority in order to activate the mobile device fornetwork service. The information required by the SIM card is thenpreferably provided in the provisioning response. The provisionednetwork communication services are thereafter fully operational on themobile device. Alternatively, a GPRS carrier or service provider maydetermine the status of a mobile device by accessing a home locationregister (HLR) or possibly a visitor location register (VLR) in thenetwork.

It is apparent from the description above that different provisioningschemes may be preferred or required for different devices and differentnetworks. In accordance with a further aspect of the present invention,a provisioning authority manages service provisioning for multiplenetworks and mobile devices. FIG. 5 is a block diagram showing avariation of the provisioning system of FIG. 4, in which a singleprovisioning authority 50 manages service provisioning for networks 52,54 and devices 14 a, 14 b. In FIG. 5, service a, associated with serviceprovider system 28 a, is a network communication service provided by acarrier for network 52 and service b, associated with service providersystem 28 b, is a network communication service provided by a carrierfor network 54.

The provisioning authority 50 is substantially the same as provisioningauthority 22 and 21, but is capable of communication over more than onewireless network. Such multiple-network communication functionality maybe facilitated by different communication modules in the provisioningauthority 50, but is preferably provided in the gateways (not shown)through which the wireless networks 52 and 54 connect with the Internet20. Such gateways normally communicate with other systems, such as theprovisioning authority 50, over the Internet 20 using TransmissionControl Protocol over Internet Protocol (TCP/IP). The gateways performany required information format and protocol conversions to enablecommunication with the mobile devices 14 a and 14 b over the respectivenetworks 52 and 54. These gateways may instead be incorporated into asingle gateway which implements an IP interface for communication overthe Internet 20 and wireless network interfaces for communication withmobile devices 14 a and 14 b over the networks 52 and 54.

The mobile devices 14 a and 14 b may be either similar devices adaptedfor operation on the different networks 52 and 54 or entirely differentmobile devices. However, it is preferred that a provisioning applicationis resident on at least one of the mobile devices 14 a, 14 b. In FIG. 5,the provisioning application for the provisioning authority 50 isinstalled on each mobile device 14 a and 14 b. For the sole purpose ofillustration, it is assumed that the carrier for network 52 requiresthat the mobile device 14 a be activated on the network 52 before anynetwork communications will be permitted, whereas the mobile device 14 bis configured with restricted initial communications functionality asdescribed above, such that the carrier for network 54 allows the mobiledevice 14 b to communicate with the provisioning authority 50 to performinitial service provisioning or activation.

A user of the device 14 a, intended to operate on the network 52, musttherefore initially provision network services from the service providersystem 28 a through the secure web page 44, the telephone system 46, orpossibly through another alternate provisioning interface (not shown),if available. Once the mobile device 14 a is activated on the network52, the provisioning application may be executed to perform furtherprovisioning functions using only the device 14 a. Although an alternateprovisioning interface must be used for initial provisioning oractivation of the mobile device 14 a on the network 52, a user of themobile device 14 b may use the provisioning application and the mobiledevice 14 b itself to accomplish mobile device activation through theprovisioning authority 50. As will be apparent, any alternateprovisioning interface may instead be used when desired or required,such as when the mobile device 14 b is out of coverage of the network52, for example. A user of mobile device 14 b has a choice ofself-provisioning or alternate provisioning for activation of the mobiledevice 14 b.

The single provisioning authority 50 thereby independently managesprovisioning functions for multiple devices, networks and serviceproviders. Any provisioning scheme restrictions related to one mobiledevice, network, or service provider associated with the provisioningauthority 50 have no effect on provisioning functions of other mobiledevices, networks or service providers associated with the provisioningauthority 50.

FIG. 6 is a block diagram showing a provisioning system according toanother embodiment of the invention. The system of FIG. 6 issubstantially the same as the system shown in FIG. 4 and operatessubstantially as described above, but includes a service provider system28 d, which communicates with the provisioning authority 51 via theInternet 20. Alternatively, the service provider system 28 d maycommunicate with the provisioning authority 51 through a network otherthan the Internet 20, such as a local or wide area network. Informationand requests are exchanged between the service provider system 28 d andthe provisioning server 51, as described above, through the Internet 20.Other communication schemes and arrangements providing forcommunications between the provisioning authority 51 and the serviceprovider system 28 d will be apparent to those skilled in the art.Although the particular form of communications between the provisioningauthority 51 and service provider systems may vary, the overallprovisioning scheme is preferably substantially as described above.

The provisioning authority 51 supports more than one type ofcommunication interface to service provider systems. In FIG. 6, theinternal services 26 may use an internal computer interface and protocolfor communications with the provisioning authority 51, service providersystems 28 a, 28 b and 28 c may be associated with local serviceproviders in the vicinity of the provisioning authority 51 and beconfigured for communication with the provisioning authority 51 viaspecific local interfaces or protocols, whereas a remote serviceprovider system 28 d is configured for a further communicationsinterface and protocol. Those skilled in the art will appreciate thatmany different combinations of provisioning authority to serviceprovider interfaces, including interfaces not shown in FIG. 6, arepossible in accordance with this aspect of the invention.

The provisioning authority 51, as described above, exchanges differentinformation with different systems. For example, the provisioningauthority 51 may provide different information to different serviceprovider systems. In a further extension of this feature, theprovisioning authority 51 may exchange information with a particularservice provider system while executing a provisioning process for adifferent service provider. This facilitates not only multi-tasking orsimultaneous execution of multiple provisioning processes for differentindependent services possibly for different users, but also provisioningof related services from different service providers for the same user.Those skilled in the art will be familiar with the concept ofmulti-tasking. The latter related-service provisioning scheme will bedescribed in further detail below.

This aspect of the invention is particularly applicable where oneservice provider offers services related to a service provided by adifferent service provider. In a particular preferred embodiment, aservice provider system such as 28 d is associated with a serviceprovider d that provides messaging services, such as email services. Aservice provider c which owns or operates another service providersystem, 28 c for example, and provides some type of enhanced emailservice to users of its own email service, may wish to extend itscustomer base by offering the enhanced service to users of otherexternal email services such as those provided by the service providerd. Enhanced email service includes, but is in no way limited to,redirecting received email messages from an email system to the mobiledevice 53 over the communication network 55. In this embodiment, themobile device 53 is a wireless communication device capable of at leastsending and receiving email. In order to complete a provisioning processfor such an extension of enhanced services, the provisioning authority51 communicates with both service provider systems, 28 c and 28 d.

In the above example where the service provider c offers an emailredirection service, a mobile device user may wish to provision theservice for an existing email account associated with the serviceprovider d. The user may invoke the provisioning application on themobile device 55 or contact the provisioning authority 51 through one ofthe alternate provisioning interfaces, secure web page 44 or telephonesystem 46, as described above. The overall provisioning process proceedssubstantially as described above and shown in FIG. 3, but involvesadditional processing between the provisioning authority 51 and theexternal service provider system 28 d.

FIG. 7 is a flow diagram of a provisioning process for a service whichis related to a further service. The steps 738 through 744 and 746through 750 are performed by the provisioning authority 51 duringprocessing of a provisioning request for a service offered by a firstservice provider that is related to a different service offered by asecond service provider. The remaining steps in the provisioning processare substantially the same as similarly labeled steps in FIG. 3 and havebeen described above. These steps therefore will be described furtheronly to the extent necessary to illustrate related-service provisioning.

At step 702, a provisioning request is prepared and submitted to theprovisioning authority. As described above, information for theprovisioning request is preferably retrieved from the mobile device orrequested from a user. Although it is preferred that the provisioningrequest is prepared on and sent from a mobile device, any of thealternate provisioning interfaces shown in FIG. 6 may instead be used.The provisioning process then proceeds as described above to extract andstore provisioning information (step 704), send pertinent information tosuch systems as billing and warranty systems (step 706), and determinewhether the first service provider offering the requested service isexternal to the provisioning authority (step 708). The first serviceprovider then checks to ensure that all required information has beenreceived, at step 710 if the first service provider is internal, and atstep 730, after the provisioning information has been sent to theservice provider system at step 728 where the service provider isexternal. Any missing information is then requested if necessary at step724. As described above, device provisioning applications are preferablykept current, such that all required information is provided in aprovisioning request.

Depending upon the nature of missing provisioning information, the firstservice provider may continue to process the request for service, asdescribed above. When the required information has been received at step726, or the first service provider determines that the service requestprocessing should continue without certain information, then anindication to that effect is preferably sent to the provisioningauthority at step 738, if the first service provider is an externalservice provider. Since the enhanced service offered by the firstservice provider, an email redirection service in the above example, isdependent upon the related service (an email account) offered by thesecond service provider, then the provisioning authority or firstservice provider must at least verify that the user submitting theprovisioning request for the enhanced service has previously provisionedthe related service.

In FIG. 7, the first service provider attempts to verify the relatedservice before the request for its enhanced service is processed.However, these processes may be performed in a different order,according to the preferences of the particular first and/or secondservice providers involved in the related-service provisioning request,or by the provisioning authority as independent processes. For example,the first service provider may wish to verify user billing informationor mobile device information before attempting to verify or validate therelated service. The second service provider may also establishpreliminary checks that must be performed by the first service provideror provisioning authority before a validation request will be processed.These or other checks, including those involved in approving or denyingthe requested service, may also be performed simultaneously. The firstservice provider may, for example, perform some of its associatedservice approval checks while a related service validation request ispending or outstanding to the second service provider. The particularorder and type of checks performed may be determined by the provisioningauthority, the first service provider, the second service provider, orsome combination thereof. These and similar request processing criteriamay also be specified in a service provider profile at the provisioningauthority.

Related-service validation begins at step 740 for an external serviceprovider or step 746 for an internal service, in which the provisioningauthority sends a related-service validation request to the secondservice provider. The validation request includes information requiredby the second service provider to authorize access to its user orservice records. This information may include, for example, a user nameor identifier, an account name or number for the related service and anauthorization code such as a password, and is preferably provided by theuser in the related-service provisioning request or in response tofurther information requests from the first service provider or theprovisioning authority. Although not shown in FIG. 7, the second serviceprovider may be able to request from the user, the provisioningauthority, or the first service provider, any required information thatwas not provided in the validation request. This additional informationrequest may be submitted substantially as described above andillustrated in steps 724 and 726, with the response information beingprovided to the second service provider.

When a related-service validation response is received at step 742 orstep 748, it is determined whether the related service was validated bythe second service provider, at step 744 or step 750. This determinationis preferably made at the first service provider system when therequested service is provided by an external service provider or by theprovisioning authority when the service is provided by an internalservice provider which owns or operates the provisioning authority. Ifthe related service was validated, then processing continues at step 732or step 712, wherein the first service provider determines whetheraccess to the requested service should be granted. If the first serviceprovider approves the service request, then the mobile device isregistered for service at step 714 or step 734. If the first serviceprovider is an external provider, then an appropriate indication isreturned to the provisioning authority at step 736. A provisioningresponse is then prepared (step 716) and sent (step 718) to the mobiledevice or alternate provisioning interface that was used to submit theoriginal related-service provisioning request, and the mobile deviceservices are updated accordingly at step 720, as described above. Theprovisioning process is then complete, and ends at 722.

If the second service provider does not validate the related service,then access to the requested service is denied, an appropriateindication is returned to the provisioning authority at step 736 if thefirst service provider is an external service provider, and aprovisioning response is prepared and returned to the mobile device atsteps 716 and 718. A denial of service by the first service provider issimilarly communicated to the user, through an indication to theprovisioning authority if necessary and a provisioning response.

The first and second service providers may also provide a conditionalservice approval or related-service validation. For example, the secondservice provider may indicate in a validation response that a useraccount is not in good standing, but may be returned to good standingprovided that the user takes some action to restore the account. Accessto the requested service may then be granted to the user, conditionalupon the user restoring the account to good standing. If the firstservice provider determines that access to the requested service shouldbe denied, for example where an invalid related-service account number,an incorrect related-service account password, invalid billinginformation or the like has been provided by the user, full access tothe service could be made conditional upon the user supplying correctinformation and subsequent verification of the information by the firstand/or second service providers. In a similar manner, where the secondservice provider does not validate the related service, the firstservice provider may submit an additional information request to theuser through the provisioning authority to request correct or validinformation and submit a new validation request to the second serviceprovider when the additional information is received. As describedabove, the number times the first or second service provider requestsadditional information from the user is preferably limited.

In the above example of an email redirection service offered by thefirst service provider for existing email accounts provided by thesecond service provider, registration of a mobile device for redirectionservices at step 714 or step 734 involves not only a registrationprocess to register the user's mobile device on the first serviceprovider's system, but also some sort of registration process at thesecond service provider. In a preferred embodiment of the invention,setup of the user's email account for redirection service is performedin conjunction with the validation by the second service provider. Basicemail forwarding information, including at least a forwarding address,associated with the first service provider, to which new messagesarriving at the user's email system or indications that new messageshave arrived at the user's email system should be sent, are provided tothe second service provider as part of the validation request. Theforwarding information may instead be sent to the second serviceprovider when the user's account has been validated, as determined atstep 744 or step 750, or when the provisioning request has been approvedat step 712 or step 732.

In a particularly preferred embodiment, the provisioning authority sendsan encrypted validation request, in the form of an email messageencrypted using Pretty Good Privacy. (PGP) or Secure MultipurposeInternet Mail Extensions (S/MIME), for example, to the second serviceprovider. This message includes at least an email account identifier andan email account password supplied by the user and email forwardinginformation for the first service provider system. A validation responsefrom the second provider then preferably includes not only a validationof the email account information, but also a confirmation that the emailforwarding has been successfully enabled. Redirection of email from thefirst service provider system to the mobile device may then beconfigured at both the first service provider system and the mobiledevice.

The provisioning process shown in FIG. 7 assumes that the user wishes toprovision a service from a first service provider that is related to anexisting service from a second service provider. According to a furtheraspect of the invention, a first service and a related second serviceare provisioned via a single provisioning request. FIG. 8 is a flowdiagram illustrating a variation of the provisioning process of FIG. 7,in which both a service and a related service are requested. Forillustrative purposes, the above example of an email redirection serviceoffered by a first service provider for an email account hosted by asecond service provider will be used.

The provisioning process shown in FIG. 8 is substantially the same asthe provisioning process of FIG. 7, except that the first serviceprovider provisions the related service instead of validating therelated service. In this respect, the provisioning request prepared andsent at step 802 differs from the provisioning request prepared and sentat step 702. For example, where a new email account is to be provisionedas the related service offered by the second service provider, theprovisioning request includes at least a preferred user name andpassword, and any billing information as may be required by the secondservice provider. Steps 802 through 838 are otherwise substantially thesame as similarly labeled steps in FIG. 7. Steps 840 through 850, bywhich the process in FIG. 8 differs from the process in FIG. 7, aredescribed in further detail below.

When required provisioning information has been received or the firstservice provider determines that the service request processing shouldcontinue without certain information, as determined at step 810 or 830,then an indication to that effect is preferably sent to the provisioningauthority at step 838 if the first service provider is an externalprovider. Where the first service provider is internal to theprovisioning authority system, it should be apparent that no suchindication need be sent to the provisioning authority.

The provisioning authority then attempts to provision the relatedservice, a new email account, from the second service provider beforethe request for the service, an enhanced email service in this example,is processed. However, as above, these processes may be performed in adifferent order, according to the preferences of the particular firstand/or second service providers, or possibly simultaneously. Forexample, the first service provider or provisioning authority may firstverify user billing information or mobile device information before theservice and/or related service are provisioned. The first serviceprovider may instead perform some of its associated service approvalchecks while a related service provisioning request is outstanding fromthe provisioning authority. The particular order and type of checksperformed may be determined by the provisioning authority, the firstservice provider, the second service provider, or some combinationthereof.

Related-service provisioning, in this example email accountprovisioning, is initiated by sending the related-service provisioningrequest to the second service provider at step 840 or step 846. Therelated-service provisioning request may be in the form of an encryptedemail message to the second service provider as described above, andincludes any information required by the second service provider toprocess the related-service provisioning request. This information mayinclude, for example, a preferred user name and password and billinginformation required by the second service provider, which was providedby the user in the original multiple-service provisioning request. Thesecond service provider is also preferably able to request from theuser, the provisioning authority, or the first service provider, anyrequired information that was not provided in the related-serviceprovisioning request, substantially as described above and illustratedin steps 824 and 826, with the response information being provided tothe second service provider.

When a related-service provisioning response is received at step 842 orstep 848, the first service provider or provisioning authoritydetermines whether the related service was successfully provisioned, atstep 844 or step 850. The first service provider continues itsprocessing at step 812 or step 832, to determine whether access to therequested service should be granted, where the related service wassuccessfully provisioned. The process continues at step 834 or step 814,substantially as described above.

If the second service provider denies the related-service provisioningrequest, as determined at step 844 or step 848, then access to therequested service may be denied, an appropriate indication is returnedto the provisioning authority (step 836) if the first service provideris an external service provider, and a provisioning response is preparedand returned to the user at steps 816 and 818. A denial of service bythe first service provider following successful provisioning of therelated service is similarly communicated to the user, through anindication to the provisioning authority if necessary, and aprovisioning response. The user is preferably able to specify, either inthe original multiple-service provisioning request or a further messagesent to the provisioning authority in response to the provisioningresponse, any actions to be taken if provisioning of only one or theother of the requested service and the related service is successful.For example, the user may wish to maintain a new email account even ifthe request for email redirection service is denied. The user mightinstead prefer that the new related service be cancelled if access tothe requested service is denied.

The first and second service providers may also provide a conditionalservice approval or related-service validation. For example, the secondservice provider may indicate in the related-service provisioningresponse that the preferred user name is already used in its emailsystem or that the preferred password does not conform to its length orother formatting requirements, such that an email account could not beestablished. Access to the requested service may then be granted to theuser by the first service provider, conditional upon the userestablishing an email account and providing any information required bythe email account provider to allow email forwarding rules to beconfigured on the account. When such information is provided by theuser, the first service provider need only validate the existing accountas described above in conjunction with FIG. 7. Alternatively, inresponse to such user name or password problems, the first or secondservice provider may send an additional information request to the userto prompt the user to select and submit a different user name and/orpassword. The second service provider then preferably re-executes itsprocessing of the related-service provisioning request with the newinformation from the user. As above, if the provisioning applicationremains current with any changes in service provider requirements, suchproperties as password formatting requirements may be checked at themobile device (or web interface, if used for provisioning) before aprovisioning request is submitted.

Where invalid billing information or the like has been provided by theuser, full access to one or both of the service and the related servicecould be made conditional upon the user supplying correct informationand subsequent verification of the information by the first and/orsecond service provider. As described above, the number times the firstor second service provider requests additional information from the useris preferably limited.

Although FIGS. 7 and 8 show separate provisioning processes, dependentupon whether or not the related service exists or must also beprovisioned, a hybrid type of provisioning process, wherein theprovisioning authority or first service provider determines whether therelated service must be provisioned or merely validated, is alsocontemplated. Such a hybrid process includes a step to make thisdetermination and proceed to either validate (steps S702 through S708 aor S708 b) or provision (steps S802 through S808 a or S808 b) therelated service.

FIGS. 9 a-9 c form a flow diagram illustrating a further variation ofthe provisioning processes shown in FIGS. 7 and 8. The related-serviceand multiple-service provisioning process in FIGS. 9 a-9 c includes bothvalidation and provisioning steps for the related service, in which amobile device user has the option of using a related service offered byeither the first service provider or a second service provider.Continuing with the above example of an email redirection service and arelated email service, in this embodiment of the invention, the firstservice provider hosts not only the redirection service but also emailservices.

The process steps 902 through 936 are substantially the same assimilarly labeled steps in FIGS. 7 and 8, although the provisioningrequests and responses used in the process of FIGS. 9 a-9 c may includedifferent provisioning information.

A provisioning request is prepared and sent to a provisioning authorityat step 902. The provisioning process proceeds to execute the operationsin steps 904 through 908 as described above. The first service providerthen checks to ensure that all required information has been received,at step 910 or step 930 and requests any missing information ifnecessary at step 924.

When the first service provider is an internal service providerassociated with the provisioning authority and all required informationhas been received or the first service provider determines that theservice request processing should continue without certain information,at step 910, then the provisioning process proceeds as shown in FIG. 9b.

At step 938, it is determined whether the related service is an existingservice, i.e., whether the user has an email account with which theemail redirection service is to be established. If so, then the firstservice provider preferably determines whether the related service ishosted by a second service provider at step 904, for example by checkingthe domain name associated with email account information provided bythe user in the provisioning request. Where the existing service ishosted by the first service provider, the first service provider checksthe related service information to validate the user's related service,at step 942. Where the related service is provided by a second serviceprovider, then a validation request is sent to the second provider atstep 944. The internal validation result from step 942 or the validationresponse received from the second provider at step 946 is then analyzedto determine whether the related service was validated by the associatedfirst or second service provider, at step 948.

Where the related service is validated, the provisioning processcontinues at step 912 (FIG. 9 a). The user is either approved or deniedaccess to the requested service via steps 912 through 922 substantiallyas described above.

Although described only briefly above, FIG. 9 b shows exception or errorprocessing steps executed when an existing related service is notvalidated. At step 950, the first service provider determines whethervalidation of the existing related service should be re-tried. Forexample, the provisioning authority, first service provider or secondservice provider may automatically re-try validation a specific numberof times after a first validation failure, or upon other conditionsbeing satisfied. The first or second service provider or theprovisioning authority may then request that the user re-enter some orall related-service information at step 952 before re-trying thevalidation. Where a validation response indicates an incorrectrelated-service password for example, the user may be prompted tore-enter the password.

Where the validation fails and will not be re-tried, then the user maybe given the option of provisioning a new related service 954. Thisallows the user to provision a new email account if the existing accountinformation provided in the provisioning request or during theprovisioning process cannot be validated. When the user chooses toprovision a new related service, new related-service provisioninginformation, possibly including a preferred service provider, user name,password, billing information and any further information as may berequired by the specified service provider, is requested from the userat step 956. The first service provider then attempts to provision a newemail account on behalf of the user, as will be described in furtherdetail below. When related-service validation has failed and will not bere-tried, and the user does not wish to provision a new related service,processing continues at step 916, as described above.

If the user does not yet subscribe to a related service or has chosen toprovision a new related service, the first service provider determines,at step 958, whether the requested new related service is hosted by thefirst service provider or a third service provider. Those skilled in theart will appreciate that when the new related service is beingprovisioned after a related service validation failure, the thirdservice provider may be the second service provider or a furtherdifferent service provider. Where the requested related service ishosted by a third service provider, then a related-service provisioningrequest is sent to the third service provider at step 960 forprocessing. A related-service provisioning response is then returned tothe provisioning authority or the first service provider, as indicatedat step 962. If the requested related service is hosted by the firstservice provider, the first service provider processes the relatedservice request at step 964. Where both the service and the relatedservice are to be provisioned from the first service provider, the step964 may instead be incorporated into step 912, such that processingcontinues at step 912 following an affirmative determination at step958.

At step 966, the first service provider or provisioning authoritydetermines whether the related service was successfully provisioned.Where the related service was successfully provisioned, the firstservice provider continues its processing at step 912 to determinewhether access to the requested service should be granted. The processthen concludes at steps 914 through 922 as described above.

When the related-service provisioning is unsuccessful, the first serviceprovider may re-try to provision the related service, at step 968.Similar to the validation re-try described above, the provisioningauthority, the first service provider or the third service provider mayattempt to provision the related service a predetermined number of timesor upon certain conditions being satisfied. The user might instead beprompted to select whether or not related-service provisioning should bere-tried. If provisioning of the related service was unsuccessful and isnot retried, the provisioning process continues at step 916, and anappropriate provisioning response is prepared and returned to the mobiledevice at step 918.

When related-service provisioning is to be re-tried, the user isprompted to enter some or all of the provisioning information, at step970. For example, if the requested related service was denied because apreferred user name is already in use, then the user might be promptedfor either a new user name or a different service provider prior tore-trying the related-service provisioning. In this example, if theunsuccessful related-service provisioning was executed for a thirdservice provider, the first service provider may also indicate to theuser whether the preferred user name is currently available on itssystem or check with one or more other service providers to determine ifthe user name is available on their respective systems and indicatewhich service providers may be able to provide the related service withthe preferred user name. Similarly, alternate available user names onthe third service provider system or a system of another serviceprovider may be suggested to the user. The user may then choose tore-try related-service provisioning with the same service provider or adifferent service provider. By selecting one of the suggested user namesor service providers, the user increases the likelihood of successfullyprovisioning the related service.

Upon successful provisioning of the related service, the processproceeds with the service provisioning step 912 and 914 if appropriate.A provisioning response is then prepared at step 916 and returned to theuser at step 918, device services are updated at step 920 and theprocess ends at step 922. If the related service cannot be successfullyprovisioned and will not be retried, processing proceeds to step 926 andconcludes with steps 918 through 922.

FIG. 9 c shows a similar process for an external service provider. Theprovisioning process for an external service provider is substantiallythe same as that for an “internal” service provider associated with theprovisioning authority system and thus only the differences betweenthese processes will be described in detail.

At step 972, the external service provider returns an indication to theprovisioning authority that provisioning request processing willproceed, either when all required provisioning information is receivedor the external service provider determines that the provisioningrequest will be processed in the absence of any missing information. Theprovisioning process then continues at step 974 and proceeds to validate(steps 976 through 982) or provision (steps 993 through 996) the relatedservice as described above. If the related service is validated (step984) or successfully provisioned (step 997), then the process proceedsat step 932 to determine whether the user will be granted access to therequested service, the device is registered for service if appropriate(step 934) and an indication of approval or denial of service isreturned to the provisioning authority at step 936. The provisioningprocess then concludes at step 922, following preparation andtransmission of a provisioning response (steps 916 and 918) and updatingof device services (step 920).

The external provider process may also include related-servicevalidation and provisioning re-try procedures, via steps 986 and 998,respectively. In the event of a related-service validation orprovisioning failure, the validation or provisioning may be re-tried,with either the same information or new information requested from theuser (step 988 or step 999). When validation will not be re-tried, theuser may also be given an option to attempt to provision a new relatedservice, at steps 992 through 999, as described above. Ifrelated-service validation or provisioning has failed and will not bere-tried, or validation has failed and provisioning of a new relatedservice will not be attempted, processing continues at step 936 toreturn an appropriate indication to the provisioning authority and theoverall process concludes with steps 916 through 922.

It will be apparent to those skilled in the art that the aboveoperations may be performed in a different order than described andshown in the FIGS. 9 a-9 c. Also, some of the process steps andassociated operations, such as the re-try procedures and the newrelated-service provisioning after a validation failure, are optional.

The illustrative embodiments of provisioning systems and processes inaccordance with aspects of the invention have been described aboveprimarily in the context of subscribing to or adding a new mobile deviceservice. However, other provisioning requests, to delete or modifyexisting services for example, are also contemplated. The overallprovisioning system and processes would be substantially as describedabove. A delete service or modify service provisioning request wouldpreferably be submitted to a provisioning authority and processed by theprovisioning authority and possibly a service provider. When theprovisioning request has been processed, a provisioning response isreturned to the user, via the mobile device to which the serviceprovisioning request relates or an alternate provisioning interfacethrough which the provisioning request was submitted.

FIG. 10 is a flow diagram showing a delete service provisioning process,which effectively removes a service for a particular mobile device oruser. It should be understood that a delete service provisioning requestis prepared and sent to the provisioning authority and initialprovisioning request processing is substantially as described above. Inparticular, the process steps which precede the step of determiningwhether all required provisioning information has been received, as wellas the steps following service approval or denial have not been shown inFIG. 10 in order to avoid congestion in the flow diagram.

A provisioning request is prepared using either the mobile device orpossibly an alternate provisioning interface and submitted to theprovisioning authority, which extracts provisioning information anddetermines whether the service provider which hosts the service to bedeleted is associated with the provisioning authority system or anexternal service provider. As indicated in FIG. 10, provisioning requestpreparation and initial processing steps such as 302 through 316 andpossibly 336 in FIG. 3 or corresponding steps from FIG. 7, 8 or 9 a,precede step 1001. The service provider or provisioning authority thendetermines whether all required information has been received or, ifnot, whether processing should continue in the absence of any missinginformation, at step 1001, as described above.

The provisioning request preferably has a common format, including, forexample, a request type field to indicate the type of provisioningrequest (add service, delete service, modify service) and informationfields. Those skilled in the art will appreciate that different types ofrequests may include different information. For example, credit card andother billing information may be required in an add service provisioningrequest but not in a delete service request. Although the specificrequired information may be different for different types of requests,the checks in step 1001 are preferably performed similarly regardless ofthe type of request.

When processing of a delete service provisioning request is to continue,the service to be deleted is first validated to verify that the serviceactually exists. The service information provided by the user is checkedat step 1002, and at step 1004, it is determined whether the service wasvalidated. As described above, the validation may be re-tried at step1006, possibly after new information is provided by the user at step1008 following a validation failure. If the service cannot be validatedand validation will not be re-tried, then processing continues at step324 or at step 344 (FIG. 3) for an external provider, or atcorresponding steps from FIG. 7, 8, or 9 a. An appropriate provisioningresponse is prepared and returned, records, menus or lists on the mobiledevice may be updated to indicate a delete service operation error orfailure, and the delete service provisioning process ends. Deletion of aservice, similar to add service provision as described above, may beconditional, for example where some further information may be requiredfor completion of processing, the user has a billing amount outstanding,or perhaps some other service or account condition has not beensatisfied.

Where the service to be deleted is validated at step 1004, the serviceprovider or the provisioning authority the checks to determine whetherthe service to be deleted is related to any other mobile deviceservices, at step 1010. This step is preferred to avoid problems withany related services, but is optional. A check may instead be made atthe mobile device while a delete service provisioning request is beingprepared, before the provisioning request is submitted to theprovisioning authority, or after the service has been deleted. Where theservice is not related to any other device services, or if therelated-service check is not performed, the service is deleted by theservice provider at step 1011 and the process continues as describedabove. A delete service provisioning response confirms that the servicehas been deleted at the service provider and preferably initiatesdeletion of the service at the mobile device, by updating devicefunctions, service lists or menus, and possibly deleting applicationsrelated to the particular service. Deletion of a service preferably doesnot prevent the user from subscribing to the service at a later timethrough a further add service provisioning request.

Where a deleted service is related to another mobile device service,such as in the above example of an email account and an emailredirection service, the user must reconfigure the other device servicefor an alternate related service. Since the provisioning authoritypreferably manages provisioning of all device services, the provisioningauthority may perform the check at step 1010. This related-service checkmay instead be performed by a service provider, such as the serviceprovider hosting the service to be deleted or the service providerhosting the related service.

If a related mobile device service is found, then the provisioningauthority or a service provider sends an alert to the mobile device, atstep 1012. Alternatively, the delete service processing may be aborted,and the delete service provisioning response may indicate the reason fordelete service failure. When the alert is sent to the mobile device atstep 1012, delete service processing preferably stops until a responseis received from the user. The user further preferably has the option tospecify in the response whether or not a new replacement service withwhich the related service may be configured to operate should beprovisioned before the delete service provisioning processing iscompleted, as shown at step 1014. If the user chooses to provision a newservice to replace the service to be deleted, then the new service isprovisioned at step 1016.

The user's response to the alert preferably also indicates whether thedelete service process should continue. As shown in FIG. 10, this allowsthe user to choose to (i) provision a new replacement service at step1016 and delete the old service at step 1011 when the new service hasbeen successfully added, (ii) not provision a new replacement servicebut nonetheless delete the existing service at step 1011, or (iii) notprovision a new replacement service and abort the delete service processat step 1018. In the latter case, a new service could then beprovisioned and configured to operate with the related service and theold service deleted if necessary at a later time. The delete serviceprovisioning process may also be adapted to abort to step 324 or 344 orcorresponding steps in FIG. 7, 8 or 9 a after a predetermined amount oftime has elapsed without a response to the alert. As an alternative tosteps 1012 through 1018, the delete service process may first beconcluded and an add service provisioning process may then be invoked toadd a new service to replace the deleted service.

FIG. 11 is a flow diagram showing a modify service provisioning process.A user may wish to modify a service to subscribe to a different serviceplan for the same service, to add a mobile device to or remove a mobiledevice from an existing service account, to modify the mobile deviceregistered for a service when a new mobile device is purchased, or tomodify a billing address when a user relocates, for example. If themobile device registered for a service incorporates a SIM card, a modifyservice provisioning request may also be prepared and submitted wheneverthe SIM card is to be used in a different mobile device, when a new SIMcard is to be used in the mobile device, and other similar situations inwhich mobile device or user information changes. When a service may beconfigured according to user-established preferences, the user maysubmit a modify service provisioning request to initially setpreferences or modify existing settings.

A modify service provisioning request is preferably prepared andsubmitted to a provisioning authority, and initial provisioning requestprocessing is substantially as described above. As in FIG. 10, processsteps which precede step 1101 and follow step 1111 have not been shownin FIG. 11, but are common operations that are executed during addservice, delete service, modify service and possibly other provisioningprocesses.

The modify service provisioning request preferably conforms to a commonrequest format as described above, and includes at least a modifyservice indicator, to specify that the provisioning request is a modifyservice request, and any required provisioning information. The specificprovisioning information required for a modify service request may bedifferent than for other types of requests, but will preferably includeat least sufficient information to identify the particular service towhich the request relates and authorization information to ensure thatthe entity submitting the request is authorized to effect changes in theservice. The details on information required for a modify servicerequest might also be sent to a mobile device by the provisioningauthority based on a service provider profile. At step 1101, theprovisioning authority or service provider hosting the service to bemodified determines whether all required information has been provided.As in the provisioning processes described above, further informationmay be requested if necessary.

When all information is received or processing of a modify serviceprovisioning request is to continue without any missing information, asdetermined at step 1101, the service is validated. The provisioninginformation provided in the provisioning request is checked at step1102, and at step 1104, it is determined whether the service wasvalidated. The validation may preferably be re-tried at step 1106,possibly after new information is requested from user at step 1108,following a validation failure. If the service cannot be validated andvalidation will not be re-tried, then processing continues at step 324(FIG. 3), at step S344 for an external provider, or at correspondingsteps in FIG. 7, 8 or 9 a. A provisioning response is prepared andreturned, records, menus or lists on the mobile device may then beupdated to indicate that a modify service error or failure has occurred,and the provisioning process ends. Any changes to a service may beconditional, for example where any further information may be requiredfor completion of processing, the user's service account is not in goodstanding, and the like.

Upon validation of the service at step 1104, the service provider or theprovisioning authority checks to determine if any of the requestedchanges to the service will affect any other mobile device services, atstep 1110. This step is optional, but preferred in order to avoidproblems with such related services. A similar check may instead be madeat the mobile device, as described above for a delete serviceprovisioning request, while a modify service provisioning request isbeing prepared, before the modify service provisioning request issubmitted to the provisioning authority, or after the service has beenmodified. If the service is not related to any other mobile deviceservices, or if the related-service check is not performed, the serviceis then modified by the service provider at step 1111 and the processcontinues at step S324 or step S344 (FIG. 3) or the corresponding stepin FIG. 7, 8 or 9 a. A provisioning response to a modify serviceprovisioning request confirms that the service has been modified at theservice provider and preferably initiates any required changes to theservice or service-related applications at the mobile device. Ifnecessary, further changes to the same service may also be made at alater time through a further modify service provisioning request.

Where the service is related to another device service, such as in theabove example of an email account and an email redirection service, theuser may be required to reconfigure the other mobile device service toreflect any service changes. Since the provisioning authority preferablymanages provisioning of all mobile device services, the provisioningauthority may perform this check at step 1110. This related-servicecheck may instead be performed by a service provider, such as theservice provider hosting the service to be changed or the serviceprovider hosting the related service.

Where a related mobile device service is found and will be affected byany change requested in the provisioning request, then the provisioningauthority or a service provider sends an alert to the mobile device, atstep 1112. Alternatively, the modify service processing may be abortedat step 1110, and the modify service provisioning response indicates thereason for the modify service process failure. When the alert is sent tothe mobile device at step 1112, processing preferably stops until aresponse is received from the user of the mobile device. The userfurther preferably has the option to specify in the response whether heor she wishes to redefine the requested changes, including but in no waylimited to specifying new changes or effectively cancelling certainrequested changes, and whether the modify service processing shouldproceed. If the user chooses to redefine the requested changes, byspecifying new changes or cancelling some of the requested changes, forexample, then the new changes are detected at step 1116, the new changesare made at the service provider system at step 1111, and the modifyservice processing continues as described above.

The user's response to the alert may instead indicate that the requestedchanges will not be redefined and that the modify process should eitherproceed or be aborted, which is determined at step 1118. If the userchooses to proceed with the requested changes, then the changes are madeat step 1111 and the process continues at step 324 or step 344. If theuser chooses to abort the modify process, no changes to the service aremade and the process continues at step 324 or step 344. The modifyservice provisioning process may also be adapted to abort to step 324 orstep 344 as described above after a predetermined amount of time haselapsed without a response to the alert.

Add service provisioning, delete service provisioning and modify serviceprovisioning have been described above and shown in the drawings asseparate processes. However, the provisioning application at a mobiledevice and associated provisioning arrangements at the provisioningauthority and service provider systems may be configured to determine atype of any received provisioning request, such that the provisioningprocess includes common provisioning request preparation, submission,and information extraction and distribution operations, as well ascommon provisioning response preparation and transmission operations,with different but possibly inter-related processing operations for theparticular types of provisioning requests. Incorporation of the add,delete and modify service processes shown in the drawings into a singleoverall flow diagram for such a combined provisioning process adaptedfor multiple provisioning request types will be apparent to thoseskilled in the art.

Thus, a provisioning system and method in accordance with variousaspects of the invention may manage multiple provisioning functions fora plurality of internal and external service providers.

Having described provisioning systems and methods, a mobilecommunication device in which the provisioning application may beinstalled will now be described. FIG. 12 is a block diagram of a mobilecommunication device.

The mobile device 1200 is preferably a two-way communication devicehaving at least voice and data communication capabilities. The mobiledevice 1200 preferably has the capability to communicate with othercomputer systems on the Internet. Depending on the functionalityprovided by the mobile device, the mobile device may be referred to as adata messaging device, a two-way pager, a cellular telephone with datamessaging capabilities, a wireless Internet appliance, or a datacommunication device (with or without telephony capabilities). Asmentioned above, such devices are referred to generally herein simply asmobile devices.

The mobile device 1200 includes a transceiver 1211, a microprocessor1238, a display 1222, non-volatile memory 1224, random access memory(RAM) 1226, auxiliary input/output (I/O) devices 1228, a serial port1230, a keyboard 1232, a speaker 1234, a microphone 1236, a short-rangewireless communications sub-system 1240, and other device sub-systems1242. The transceiver 1211 preferably includes transmit and receiveantennas 1216, 1218, a receiver (Rx) 1212, a transmitter (Tx) 1214, oneor more local oscillators (LOs) 1213, and a digital signal processor(DSP) 1220. Within the non-volatile memory 1224, the mobile device 1200includes a plurality of software modules 1224A-1224N that can beexecuted by the microprocessor 1238 (and/or the DSP 1220), including avoice communication module 1224A, a data communication module 1224B, anda plurality of other operational modules 1224N for carrying out aplurality of other functions. The provisioning application describedabove may be implemented on the mobile device 1200 as one of thesoftware modules 1224N.

The mobile device 1200 is preferably a two-way communication devicehaving voice and data communication capabilities. Thus, for example, themobile device 1200 may communicate over a voice network, such as any ofthe analog or digital cellular networks, and may also communicate over adata network. The voice and data networks are depicted in FIG. 12 by thecommunication tower 1219. These voice and data networks may be separatecommunication networks using separate infrastructure, such as basestations, network controllers, etc., or they may be integrated into asingle wireless network. References to the network 1219 should thereforebe interpreted as encompassing both a single voice and data network andseparate networks.

The communication subsystem 1211 is used to communicate with the network1219. The DSP 1220 is used to send and receive communication signals toand from the transmitter 1214 and receiver 1212, and also exchangecontrol information with the transmitter 1214 and receiver 1212. If thevoice and data communications occur at a single frequency, orclosely-spaced set of frequencies, then a single LO 1213 may be used inconjunction with the transmitter 1214 and receiver 1212. Alternatively,if different frequencies are utilized for voice communications versusdata communications or the mobile device 1200 is enabled forcommunications on more than one network 1219, then a plurality of LOs1213 can be used to generate frequencies corresponding to those used inthe network 1219. Although two antennas 1216, 1218 are depicted in FIG.12, the mobile device 1200 could be used with a single antennastructure. Information, which includes both voice and data information,is communicated to and from the communication module 1211 via a linkbetween the DSP 1220 and the microprocessor 1238.

The detailed design of the communication subsystem 1211, such asfrequency band, component selection, power level, etc., is dependentupon the communication network 1219 in which the mobile device 1200 isintended to operate. For example, a mobile device 1200 intended tooperate in a North American market may include a communication subsystem1211 designed to operate with the Mobitex or DataTAC mobile datacommunication networks and also designed to operate with any of avariety of voice communication networks, such as AMPS, TDMA, CDMA, PCS,etc., whereas a mobile device 1200 intended for use in Europe may beconfigured to operate with the GPRS data communication network and theGSM voice communication network. Other types of data and voice networks,both separate and integrated, may also be utilized with the mobiledevice 1200.

As described above, communication network access requirements for themobile device 1200 also vary depending upon the type of network 1219.For example, in the Mobitex and DataTAC data networks, mobile devicesare registered on the network using a unique identification numberassociated with each device. In GPRS networks, access is associated witha subscriber or user of the mobile device 1200. Local or non-networkcommunication functions (if any) may be operable, without the SIM, butthe mobile device 1200 is unable to carry out functions involvingcommunications over the network 1219, other than any legally requiredoperations, such as ‘911’ emergency calling. Depending on theconfiguration of the mobile device 1200 and its provisioningapplication, network access for the mobile device 1200 may be arrangedusing the techniques described above.

After any required network registration or activation procedures havebeen completed, the mobile device 1200 is able to send and receivecommunication signals, preferably including both voice and data signals,over the network 1219. Signals received by the antenna 1216 from thecommunication network 1219 are routed to the receiver 1212, whichprovides for signal amplification, frequency down conversion, filtering,and channel selection, for example, as well as analog to digitalconversion. Analog to digital conversion of the received signal allowsmore complex communication functions, such as digital demodulation anddecoding, to be performed using the DSP 1220. In a similar manner,signals to be transmitted to the network 1219 are processed, includingmodulation and encoding, for example, by the DSP 1220 and are thenprovided to the transmitter 1214 for digital to analog conversion,frequency up conversion, filtering, amplification and transmission tothe communication network 1219 via the antenna 1218. Although a singletransceiver 1211 is shown for both voice and data communications, inalternative embodiments, the mobile device 1200 may include multipledistinct transceivers, such as a first transceiver for transmitting andreceiving voice signals, and a second transceiver for transmitting andreceiving data signals, or a first transceiver configured to operatewithin a first frequency band, and a second transceiver configured tooperate within a second frequency band.

In addition to processing the communication signals, the DSP 1220 alsoprovides for receiver and transmitter control. For example, the gainlevels applied to communication signals in the receiver 1212 andtransmitter 1214 may be adaptively controlled through automatic gaincontrol algorithms implemented in the DSP 1220. Other transceivercontrol algorithms could also be implemented in the DSP 1220 in order toprovide more sophisticated control of the transceiver 1211.

The microprocessor 1238 preferably manages and controls the overalloperation of the mobile device 1200. Many types of microprocessors ormicrocontrollers could be used here, or, alternatively, a single DSP1220 could be used to carry out the functions of the microprocessor1238. Low-level communication functions, including at least data andvoice communications, are performed through the DSP 1220 in thetransceiver 1211. High-level communication applications, including thevoice communication application 1224A, the data communicationapplication 1224B, and the provisioning application are stored in thenon-volatile memory 1224 for execution by the microprocessor 1238. Forexample, the voice communication module 1224A provides a high-level userinterface operable to transmit and receive voice calls between themobile device 1200 and a plurality of other voice devices via thenetwork 1219. Similarly, the data communication module 1224B provides ahigh-level user interface operable for sending and receiving data, suchas e-mail messages, files, organizer information, short text messages,etc., between the mobile device 1200 and a plurality of other datadevices via the network 1219.

The microprocessor 1238 also interacts with other device subsystems,such as the display 1222, RAM 1226, auxiliary I/O devices 1228, serialport 1230, keyboard 1232, speaker 1234, microphone 1236, a short-rangecommunications subsystem 1240 and any other device subsystems generallydesignated as 1242. For example, the modules 1224A-N are executed by themicroprocessor 1238 and may provide a high-level interface between auser of the mobile device and the mobile device. This interfacetypically includes a graphical component provided through the display1222, and an input/output component provided through the auxiliary I/Odevices 1228, keyboard 1232, speaker 1234, or microphone 1236.

Some of the subsystems shown in FIG. 12 perform communication-relatedfunctions, whereas other subsystems may provide “resident” or on-devicefunctions. Notably, some subsystems, such as keyboard 1232 and display1222 may be used for both communication-related functions, such asentering a text message for transmission over a data communicationnetwork, and device-resident functions such as a calculator or task listor other PDA type functions.

Operating system software used by the microprocessor 1238 is preferablystored in a persistent store such as the non-volatile memory 1224. Inaddition to the operating system and communication modules 1224A-N, thenon-volatile memory 1224 may include a file system for storing data. Theoperating system, specific device applications or modules, or partsthereof, may be temporarily loaded into a volatile store, such as RAM1226 for faster operation. Moreover, received communication signals mayalso be temporarily stored to RAM 1226, before permanently writing themto a file system located in the non-volatile memory 1224. Thenon-volatile memory 1224 may be implemented, for example, with Flashmemory, non-volatile RAM, or battery backed-up RAM.

Another exemplary application module 1224N that may be loaded onto themobile device 1200, in addition to the provisioning applicationdescribed above, is a PIM application providing PDA functionality, suchas calendar events, appointments, and task items. This module 1224N mayalso interact with the voice communication module 1224A for managingphone calls, voice mails, etc., and may also interact with the datacommunication module 1224B for managing e-mail communications and otherdata transmissions. Alternatively, all of the functionality of the voicecommunication module 1224A and the data communication module 1224B maybe integrated into the PIM module.

The non-volatile memory 1224 preferably provides a file system tofacilitate storage of PIM data items on the device. The PIM applicationpreferably includes the ability to send and receive data items, eitherby itself, or in conjunction with the voice and data communicationmodules 1224A, 1224B, via the wireless network 1219. The PIM data itemsare preferably seamlessly integrated, synchronized and updated, via thewireless network 1219, with a corresponding set of data items stored orassociated with a host computer system, thereby creating a mirroredsystem for data items associated with a particular user.

The mobile device 1200 is manually synchronized with a host system byplacing the mobile device 1200 in an interface cradle, which couples theserial port 1230 of the mobile device 1200 to a serial port of the hostsystem. The serial port 1230 may also be used to download otherapplication modules 1224N for installation on the mobile device 1200.This wired download path may further be used to load an encryption keyonto the mobile device 1200 for use in secure communications, which is amore secure method than exchanging encryption information via thewireless network 1219.

Additional application modules 1224N may also be loaded onto the mobiledevice 1200 through the network 1219, through an auxiliary I/O subsystem1228, through the short-range communications subsystem 1240, or throughany other suitable subsystem 1242, and installed by a user in thenon-volatile memory 1224 or RAM 1226. Such flexibility in applicationinstallation increases the functionality of the mobile device 1200 andmay provide enhanced on-device functions, communication-relatedfunctions, or both. For example, secure communication applications mayenable electronic commerce functions and other such financialtransactions to be performed using the mobile device 1200.

When the mobile device 1200 is operating in a data communication mode, areceived signal, such as a text message or a web page download, will beprocessed by the transceiver 1211 and provided to the microprocessor1238, which preferably further processes the received signal for outputto the display 1222, or, alternatively, to an auxiliary I/O device 1228.Owner information, owner control information, commands or requestsrelated to owner information or owner control information, and softwareapplications received by the transceiver 1211 are processed as describedabove. A user of mobile device 1200 may also compose data items, such asemail messages, using the keyboard 1232, which is preferably a completealphanumeric keyboard laid out in the QWERTY style, although otherstyles of complete alphanumeric keyboards such as the known DVORAK stylemay also be used. User input to the mobile device 1200 is furtherenhanced with the plurality of auxiliary I/O devices 1228, which mayinclude a thumbwheel input device, a touchpad, a variety of switches, arocker input switch, etc. The composed data items input by the user arethen transmitted over the communication network 1219 via the transceiver1211.

When the mobile device 1200 is operating in a voice communication mode,the overall operation of the mobile device 1200 is substantially similarto the data mode, except that received signals are output to the speaker1234 and voice signals for transmission are generated by a microphone1236. In addition, the secure messaging techniques described above mightnot necessarily be applied to voice communications. Alternative voice oraudio I/O devices, such as a voice message recording subsystem, may alsobe implemented on the mobile device 1200. Although voice or audio signaloutput is accomplished through the speaker 1234, the display 1222 mayalso be used to provide an indication of the identity of a callingparty, the duration of a voice call, or other voice call relatedinformation. For example, the microprocessor 1238, in conjunction withthe voice communication module 1224A and the operating system software,may detect the caller identification information of an incoming voicecall and display it on the display 1222.

A short-range communications subsystem 1240 is also be included in themobile device 1200. For example, the subsystem 1240 may include aninfrared device and associated circuits and components, or a Bluetooth.or 802.1. short-range wireless communication module to provide forcommunication with similarly-enabled systems and devices. Thus, softwareapplications, PIM data and other information may be enabled on themobile device 1200 via the serial port 1230 or other short-rangecommunications subsystem 1240.

FIG. 12 represents a specific example of a mobile device in conjunctionwith which provisioning systems and methods described above may beimplemented. Implementation of such systems and methods in other mobiledevices having further, fewer, or different components than those shownin FIG. 12 would be obvious to one skilled in the art to which thisapplication pertains and are therefore considered to be within the scopeof the present invention.

For example, although a SIM card has not been explicitly shown in FIG.12, it should be appreciated that implementation of provisioning systemsand methods in conjunction with mobile devices with SIM cards iscontemplated. Since SIM cards currently incorporate a memory componentinformation for a provisioning request, information extracted from aprovisioning response, or both, may be stored on a SIM card.

It will be appreciated that the above description relates to thepreferred embodiment by way of example only. Many variations on theinvention will be obvious to those knowledgeable in the field, and suchobvious variations are within the scope of the invention as describedand claimed, whether or not expressly described.

For example, although a single provisioning authority preferablyprovides a provisioning interface between multiple service providers anddevices which may use services hosted by such service providers, it willbe apparent that more than one such provisioning authority, each servingone or more service providers, may be implemented in a system.

In multiple provisioning authority systems, each authority is preferablyadapted to operate with a common provisioning application. However, itis also contemplated that different provisioning authorities may usedifferent provisioning applications. Intermediate interface ortranslation systems may provide for communication between a mobiledevice provisioning application and a provisioning authority adapted fora different provisioning application. Alternatively, a mobile device maydownload a corresponding different provisioning application from aparticular provisioning authority, a service provider that uses theparticular provisioning authority, or possibly from another provisioningapplication source such as a central repository of provisioningapplications. Depending upon the service to be provisioned, the serviceprovider hosting the service, or its associated provisioning authority,a particular corresponding one of a plurality of stored provisioningapplications may be invoked on a mobile device.

Further contemplated aspects of the invention relate to service queryand notify functions. In accordance with these aspects of the invention,a mobile device may query a provisioning authority to determine whichservices may be provisioned via the provisioning authority, and possiblywhich service providers host such services. If necessary, a user maythen download a corresponding provisioning application and provision anydesired services using the provisioning application and provisioningauthority. A service notify feature may be implemented by a serviceprovider or a provisioning authority as an advertising mechanism,whereby the service provider or provisioning authority notifies mobiledevices of available services. A service notify message may be sent to amobile device upon conclusion of an initial provisioning (activation)operation for the mobile device, as an attachment to or following atransmission of a provisioning response, for example. Such a messagemight also be sent to all mobile devices that have previously used aparticular provisioning authority or service provider, when a newservice or service provider becomes available.

Those skilled in the art will also appreciate that other alternateprovisioning interfaces in addition to those shown in the drawings maybe provided. One such alternate interface that may not be immediatelyapparent is another mobile communication device. For example, a user maywish to provision mobile device services using a mobile device on whicha provisioning application has not been installed, or perhaps when themobile device is out of mobile communication network coverage or wouldincur roaming charges for any network communications. If the mobiledevice and a second available mobile device are enabled for short-rangecommunications as described above, then “proxy” type provisioning may bepossible. The second mobile device may download, if necessary, theappropriate provisioning application. Any information required for theintended provisioning operation is transferred from the first mobiledevice to the second mobile device via the short-range link, and theprovisioning application on the second mobile device prepares andsubmits the provisioning request and receives the provisioning responseon behalf of the user of the first mobile device. If the provisioningapplication is resident on the first mobile device, then theprovisioning application may be transferred to the second mobile devicefrom the first device via the short-range communications link ifnecessary, or the provisioning request could be prepared on the firstmobile device and submitted to the provisioning authority via the secondmobile device. The provisioning response may then be received by thesecond mobile device and similarly transferred to the first mobiledevice via the short-range link.

1. A provisioning authority for communication with a service providersystem and a plurality of cellular phones, the provisioning authoritybeing associated with a billing system and configured to: communicateprovisioning information to the plurality of cellular phones; andcommunicate provisioning information of the plurality of cellular phonesto the service provider system.
 2. The provisioning authority of claim 1further including a data store configured for storing the provisioninginformation.
 3. The provisioning authority of claim 1 further includinga provisioning application associated with a respective one of thecellular phones and configured for communication with the provisioningauthority, the provisioning application configured for provisioning aservice on the respective one of the cellular phones.
 4. A provisioningauthority associated with a service provider system and in communicationwith a plurality of cellular phones, comprising: a billing system; aprovisioning application associated with a respective one of thecellular phones for communication with the provisioning authority;wherein said provisioning application provisions a service on therespective one of the cellular phones, said service associated with theservice provider system; and wherein provisioning information of theplurality of cellular phones is communicated from the provisioningauthority to the service provider system.
 5. The provisioning authorityof claim 4 wherein the billing system is associated with theprovisioning authority and is configured for providing provisioninginformation.
 6. The provisioning authority of claim 4 wherein theprovisioning application is a customized application associated with theservice provider system.
 7. The provisioning authority of claim 4wherein the provisioning authority further includes a data storeconfigured for storing the provisioning information.
 8. A provisioningsystem associated with a service provider system and in communicationwith a plurality of cellular phones comprising: a provisioningapplication associated with a respective one of the cellular phones forcommunication with the provisioning system; wherein said provisioningapplication provisions a service on the respective one of the cellularphones, said service associated with the service provider system; andwherein provisioning information of the plurality of cellular phones iscommunicated from the provisioning system to the service providersystem.
 9. The provisioning system of claim 8 further including abilling system.
 10. A method of provisioning a plurality of cellularphones in communication with a provisioning authority, the provisioningauthority being associated with a service provider system, the methodcomprising: associating a billing system with the provisioningauthority; configuring the provisioning authority to communicateprovisioning information to the plurality of cellular phones; andconfiguring the provisioning authority to communicate provisioninginformation of the plurality of cellular phones to the service providersystem.
 11. The method of claim 10 wherein the provisioning authority isconfigured to store the provisioning information to a data store.